[openmage/magento-lts] Fix for arbitrary file deletion in customer media allows for remote code execution

Impact

Magento admin users with access to the customer media could execute code on the server.

References

• https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5vpv-xmcj-9q85
• https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22
• https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19
• https://nvd.nist.gov/vuln/detail/CVE-2021-41143
• https://github.com/OpenMage/magento-lts/commit/45330ff50439984e806992fa22c3f96c4d660f91
• https://github.com/advisories/GHSA-5vpv-xmcj-9q85